looking up pgp keys
John Clizbe
John at enigmail.net
Thu Sep 12 01:48:57 CEST 2013
Tim Prepscius wrote:
> Thank you very much for this feedback.
>
> I'm thinking, thinking, thinking...
>
>
> Here is sort of a naive question:
>
> Why aren't the results from the http://pgp.mit.edu:11371 signed with their key?
> They have an http request but there is no way I can tell if I've been mitm-ed.
As others have replied, it's not the keyserver's responsibility.
> I should be able to ask each server I request from, the public key of
> the other servers, and then check the signature of each against each
> other
>
> ??
>
> Is this implemented and I'm missing it somehow?
Aside from what is required to calculate a fingerprint, and in SKS' case the
hash used in reconciliation, there is NO crypto functionality built into the
keyserver software. That responsibility rests with the client software.
--
John P. Clizbe Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
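
The client-side check this reply points to, as an added example that is not part of the original message: compute the version 4 fingerprint of a key returned by a keyserver (SHA-1 over 0x99, a two-byte length and the public-key packet body, per RFC 4880) and compare it to a fingerprint obtained out of band. The function names and the key bytes are constructed for illustration, and the input is assumed to be binary (already dearmored) key data.

```python
import hashlib

def read_first_packet(data: bytes):
    """Return (tag, body) of the first OpenPGP packet in binary key data."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    hdr = data[0]
    if hdr & 0x40:                                  # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body length is not valid for a key packet")
    else:                                           # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        n = 1 << ltype                              # 1, 2 or 4 length octets
        length, off = int.from_bytes(data[1:1 + n], "big"), 1 + n
    body = data[off:off + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def v4_fingerprint(keydata: bytes) -> str:
    """Fingerprint of the primary key, independent of header encoding."""
    tag, body = read_first_packet(keydata)
    if tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public-key packet")
    prefix = b"\x99" + len(body).to_bytes(2, "big")
    return hashlib.sha1(prefix + body).hexdigest().upper()

def accept_key(keydata: bytes, pinned_fpr: str) -> bool:
    """Accept the keyserver's answer only if it matches the pinned fingerprint."""
    return v4_fingerprint(keydata) == pinned_fpr.replace(" ", "").upper()

# Constructed sample: v4 RSA key packet with placeholder MPIs (not a real key).
_n = (128).to_bytes(2, "big") + b"\xc3" + b"\x5a" * 15
_e = (17).to_bytes(2, "big") + b"\x01\x00\x01"
SAMPLE_BODY = b"\x04" + (1378943337).to_bytes(4, "big") + b"\x01" + _n + _e
SAMPLE_KEY = b"\x99" + len(SAMPLE_BODY).to_bytes(2, "big") + SAMPLE_BODY
# Stands in for a fingerprint learned out of band (card, signed mail, in person).
PINNED = v4_fingerprint(SAMPLE_KEY)
# Same key with one modulus byte altered in transit.
TAMPERED = SAMPLE_KEY[:-6] + b"\x00" + SAMPLE_KEY[-5:]
```

A match only shows that the returned key is the one whose fingerprint was pinned; signatures and user IDs in the rest of the response still need the client's normal OpenPGP validation.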